Introduction

Passwords and PINs

Are you using one of those passwords that are described as weak here? http://www.pcworld.com/article/187354/Study_Hacking_Passwords_Easy_As_123456.html

Below is a list of the 500 worst passwords, identified by security consultant Mark Burnett as being used by a lot of people.  (Perfect Passwords: Selection, Protection, Authentication by Mark Burnett and Dave Kleiman)

[Image: list of the worst passwords]

These passwords are well known to hackers, who keep them in a database to check against in their first attempt to crack a password.

Why are these passwords weak?  The reasons are that they consist of:

  • common names, fully or partly
  • words in the dictionary
  • common swear words
  • characters in sequence or forming a pattern, either in numerical digits, alphabets or keyboard entries
  • a single character set, either all alphabet letters or all numerical digits
  • few characters: many of them have only 4 characters and none has more than 8.

Many people use those easy-to-crack passwords because they have difficulty creating passwords that they can remember if they are long and complex.  It becomes a real problem if they try to use different passwords for different websites or portals.  They end up either using the same password for different systems or writing them down, which puts them at risk of compromise.

Personal Identification Number (PIN)

PINs are another bugbear we have to live with in this world of technology and computers.  At the least, we need them at the ATM to draw money.  Or, if you do not like to carry money, then at the shops to make payments through direct deduction from your account with a bank.  Again, lots of people end up using easily guessed numbers.  Nick Berry, a data scientist at Facebook, made an analysis of the most and the least common numbers used as PINs. (http://www.datagenetics.com/blog/september32012/)

For 4-digit PINs, he found that the most popular number is 1234.  In the pool of 3.4 million 4-character passwords gathered for his study, almost 11% of them are 1234.  This means with just one guess with this number, there is a 10% chance of making a hit.

Here is a table showing the top 20 most popular numbers being used:

[Image: top 20 worst 4-digit PINs]

They add up to 26.83%.  As with passwords, we can see why these PINs are weak: they are digits in sequence or in patterns like aaaa and abab.

 

Nick also found that a popularly used method to generate PINs is to follow a convenient sequence of keys on the keypads.

[Image: convenient key sequence]

Convenient key sequence for numbers:

  • 2580
  • 2046
  • 1397
  • 2486

http://www.sleuthsayers.org/2013/08/pins-and-passwords-part-1.html

 

PINs can range from 4 to 10 digits.  Similar weaknesses are found in PINs of more digits.

[Image: top 20 worst PINs]

In fact, PINs requiring more digits pose even more problems for people.  For 9-digit PINs, 35% of people use 123456789.  They probably find a random number of 9 digits difficult to remember.
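The patterns described above (digits in sequence, aaaa and abab repeats, keypad sequences) can be checked mechanically when a PIN is chosen. The following is an added example, not code from this post or from Nick Berry's study; the keypad layout, function names and labels are assumptions, and it generalizes abab to any repeating block in PINs of 4 to 10 digits.

```python
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),      # assumed standard
          "4": (1, 0), "5": (1, 1), "6": (1, 2),      # ATM/phone layout,
          "7": (2, 0), "8": (2, 1), "9": (2, 2),      # as (row, column)
          "0": (3, 1)}

# The four "convenient key sequences" listed on this page.
PAGE_KEY_SEQUENCES = {"2580", "2046", "1397", "2486"}


def pin_weaknesses(pin: str) -> list[str]:
    """Return the weak patterns a PIN matches; an empty list means none."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 10):
        raise ValueError("PIN must be 4 to 10 digits")
    reasons = []
    digits = [int(c) for c in pin]

    # Digits in sequence, up or down, wrapping 9 -> 0 (1234, 4321, 7890).
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {9}):
        reasons.append("sequence")

    # Repeating block: aaaa (block of 1), abab (2), abcabc (3), ...
    for size in range(1, len(pin) // 2 + 1):
        if len(pin) % size == 0 and pin == pin[:size] * (len(pin) // size):
            reasons.append("aaaa" if size == 1 else "repeated-block")
            break

    # Straight line across the keypad: one constant, non-zero (row, col) step.
    # With four rows this is the middle column, 2580, or its reverse, 0852.
    moves = {(KEYPAD[b][0] - KEYPAD[a][0], KEYPAD[b][1] - KEYPAD[a][1])
             for a, b in zip(pin, pin[1:])}
    if len(moves) == 1 and moves != {(0, 0)}:
        reasons.append("keypad-line")

    if pin in PAGE_KEY_SEQUENCES:
        reasons.append("listed-key-sequence")
    return reasons


def count_flagged(length: int = 4) -> int:
    """Count the PINs of a given length that match at least one pattern."""
    return sum(bool(pin_weaknesses(f"{n:0{length}d}"))
               for n in range(10 ** length))


if __name__ == "__main__":
    for sample in ("1234", "1111", "1212", "2580", "123456789", "8093"):
        print(sample, pin_weaknesses(sample) or "no listed pattern")
    print(count_flagged(4), "of 10000 four-digit PINs match a pattern")
```

Only 125 of the 10,000 possible 4-digit PINs match these patterns, so a system that rejects them gives up very little of the available number space.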

So we can see that memory is the root of the problem.  Strong and secure passwords and PINs are not easy to remember, especially when they are not used frequently.  Try to remember this:

dabtflTS5/~UN

Difficult?  Well, you will not find it so if you know how to construct it.  I’ll show you how in the posting “Creating strong and secure Passwords”.

Here are the links to it and other postings:

Creating strong and secure Passwords

Creating strong and secure PINs

Other Ways of Converting Words to Numbers

Red Herrings